[EDITOR'S DRAFT] Verifiable Claims Working Group Charter

It is currently difficult to express banking account information,
education qualifications, healthcare data, and other sorts of
machine-readable personal information that has been verified by a 3rd party
on the Web. These sorts of data are often referred to as
verifiable claims. The mission of the Verifiable Claims
Working Group is to make expressing, exchanging, and verifying claims easier
and more secure on the Web.

Scope

The Working Group will:

Recommend a data model and syntax(es) for the expression of verifiable claims,
including one or more core vocabularies.

Create a note specifying how these data models should be used with existing
attribute exchange protocols, a suggestion that existing protocols
should be modified, or a suggestion that a new protocol is required to
address the problems stated earlier in this document.

Focus their efforts on the identified
use cases with a particular focus on the
payments and education sectors. Use cases from other industries may be
included if there is significant industry participation.

The Working Group will not:

Define browser-based APIs for interacting with verifiable claims. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.

Define a new protocol for attribute exchange. This work may be performed by a future Working Group if there is interest, but is not required for the Working Group to be successful.

Attempt to create supporting infrastructure, other than a data model and syntax(es), for a verifiable claims ecosystem.

Attempt to address the larger problem of "Identity on the Web/Internet".

Terminology

verifiable claim

A machine-readable statement made by an entity that is cryptographically authentic (non-repudiable).

credential (aka attestation)

A set of verifiable claims that refer to a qualification, achievement, personal quality, aspect of an identity such as a name, government ID, preferred payment processor, home address, or university degree typically used to indicate suitability.

Security and Privacy Considerations

In general, the issuers of verifiable claims want to ensure that their
reputation is protected, the holders of verifiable claims want to
ensure their data is protected, and the inspectors of verifiable claims
want to be confident in their claims-based decisions. As a result,
both security and privacy are critical for verifiable claims.

From a security perspective it is important that verifiable claims are
protected from forgery and that interactions with verifiable claims are
protected from bad actors at all stages of the lifecycle.

From a privacy perspective it is important that information that is
intended to remain private is handled appropriately. Maintaining the
trust of a verifiable claims ecosystem is important. Verifiable
claims technology defined by this group should not disclose private
details of the participants' identity or other sensitive information
unless required for operational purposes, by legal or jurisdictional
rules, or when deliberately consented to (e.g. as part of a request
for information) by the holder of the information. The design of any
data model and syntax(es) should guard against the unwanted leakage of
such data.

The Working Group will work with the security and privacy organizations
listed in the liaisons section of the charter to help ensure that
both security and privacy are considered.

Internationalization and Accessibility Considerations

Verifiable claims are made throughout the world and are issued and used by
a variety of organizations and people with varying languages and
levels of disabilities. The technology developed by the working group must
be able to express verifiable claims in a variety of languages and must
be able to be used by people with a variety of disabilities.

The Working Group will work with the internationalization and
accessibility organizations listed in the liaisons section of the charter
to help ensure that both internationalization and accessibility are
considered.

Deliverables

Verifiable Claims Data Model and Syntax Recommendation

This Recommendation will define or identify:

A Data Model and Core Vocabularies: for expressing verifiable claims in a semantically extensible way.

Syntax(es): that are machine-readable and capable of expressing the data model across a variety of formats.

Signature Mechanism(s): that are capable of protecting the verifiable claims from attack such that the claims can be trusted by consumers of those claims.

Verifiable Claims Implementation Guidance

This NOTE will define or identify:

How the data model and syntax can be used with existing attribute exchange architectures to address all of the problems stated in this document, or

How the data model and syntax can be used with a set of modifications to existing attribute exchange architectures, or

If a new attribute exchange protocol is needed and if so, requirements for that protocol to address the problems identified in this document.

Interoperability Success Criteria

The Working Group will develop test suites for Recommendation-track specifications.

The group will seek independent interoperable implementations by two software libraries.

For any implementation cited to establish interoperability success, the Working Group will work with the WAI Protocols and Formats Working Group (or its successor) to help communicate accessibility issues to the developers.

Milestones

Note: The group will document significant changes from this initial schedule
on the group home page.

Ensure that the badges being modeled and expressed by
the Open Badges community are compatible with the Verifiable
Claims WG.

Participation

To be successful, the Verifiable Claims Working Group is expected to have 10 active participants for its duration.
Effective participation in Verifiable Claims Working Group may consume .1 FTE for each participant; for editors
this commitment may be higher.

Communication

This group primarily conducts its work on the public mailing list public-@@@-wg@w3.org (archive).
Administrative tasks may be conducted in Member-only communications.

Information about the group (deliverables, participants, face-to-face meetings, teleconferences, etc.) is
available from the Verifiable Claims Working Group home page.

Decision Policy

As explained in the Process Document (section 3.3), this
group will seek to make decisions when there is consensus. When a Chair puts a question and observes
dissent, after due consideration of different opinions, the Chair should put a question out for voting
within the group (allowing for remote asynchronous participation -- using, for example, email and/or
web-based survey techniques) and record a decision, along with any objections. The matter should then be
considered resolved unless and until new information becomes available.

Any resolution first taken in a face-to-face meeting or teleconference (i.e., that does not follow a 7 day
call for consensus on the mailing list) is to be considered provisional until 5 working days after the
publication of the draft resolution. If no
objections are raised on the mailing list within that time, the resolution will be considered to have
consensus as a resolution of the Working Group.

Patent Policy

This Working Group operates under the W3C Patent Policy (5 February 2004 Version). To promote the widest adoption of Web standards, W3C seeks to issue Recommendations that can be
implemented, according to this policy, on a Royalty-Free basis.

This charter for the Verifiable Claims Working Group has been created according to section 5.2 of the Process
Document. In the event of a conflict between this document or the provisions of any charter and the W3C
Process, the W3C Process shall take precedence.

Written by participants of the Verifiable Claims Task Force, which is a Task Force of the Web Payments Interest Group.